CapDesk
CapDesk is a desktop environment that rigorously applies the principle of least authority (POLA) in order to protect the user from the applications it runs.
Under CapDesk, applications run with minimal authority: an application has no access to a given file or directory until the user explicitly grants it the right to access that file or directory.
CapDesk is a research system that aims to show that this does not reduce the usability of the system. On the contrary, CapDesk's user interface is quite conventional from the user's point of view: standard GUI mechanisms such as opening a file or using a file chooser are the basis for granting access rights to applications.
CapDesk was the first system to implement a powerbox file chooser.
CapDesk is written in the E programming language, which is itself implemented in Java.
Caplet
In the CapDesk desktop environment, a caplet is a program that starts off with no authority beyond the ability to interact with the user via a window and to request capabilities via a powerbox.
The term is a pun on applet, combining that word with "cap", short for "capability".
Applets such as Java applets often have no non-trivial use, because they do not have, and more importantly cannot be granted, useful authority such as the ability to save a file to the user's filesystem. Caplets, in contrast, are more useful because they can request and be granted authority in a fine-grained but secure way.
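The exchange described in the introduction and in the caplet section, as an added example that is not CapDesk's or E's own code: a Python sketch in which the caplet starts with a single reference (the powerbox), the user's choice in the file dialog is simulated by a `chooser` callback, and what the caplet receives is an object bound to exactly the chosen file, with no path string and no general filesystem handle. The class and function names (`FileCap`, `RevocableFileCap`, `Powerbox`, `TextEditorCaplet`, `run_demo`) are illustrative and not taken from CapDesk, and the two files in the scenario are constructed for the demo. Python is not capability-safe (nothing stops a real Python program from importing `os` on its own), so the sketch shows the shape of the protocol rather than the confinement that E's object-capability semantics actually enforce.

```python
# Sketch of CapDesk's powerbox pattern. Added example, not CapDesk or E code;
# Python is not capability-safe, so it shows the exchange, not the enforcement.
import tempfile
from pathlib import Path
from typing import Callable, List, Optional


class FileCap:
    """Authority over one file (read/overwrite); the path stays private."""
    def __init__(self, path: Path) -> None:
        self._path = path

    def read_text(self) -> str:
        return self._path.read_text(encoding="utf-8")

    def write_text(self, data: str) -> None:
        self._path.write_text(data, encoding="utf-8")


class RevocableFileCap:
    """Caretaker: forwards to the real FileCap until the powerbox revokes it."""
    def __init__(self, target: FileCap) -> None:
        self._target: Optional[FileCap] = target

    def _live(self) -> FileCap:
        if self._target is None:
            raise PermissionError("the user withdrew access to this file")
        return self._target

    def read_text(self) -> str:
        return self._live().read_text()

    def write_text(self, data: str) -> None:
        self._live().write_text(data)

    def revoke(self) -> None:
        self._target = None


class Powerbox:
    """Trusted desktop component holding the real filesystem authority.
    `chooser` stands in for the GUI file dialog: it returns the path the user
    picked, or None on cancel. The caplet never supplies a path itself."""
    def __init__(self, chooser: Callable[[str], Optional[Path]]) -> None:
        self._chooser = chooser
        self._grants: List[RevocableFileCap] = []

    def request_file(self, prompt: str) -> Optional[RevocableFileCap]:
        chosen = self._chooser(prompt)
        if chosen is None:
            return None
        grant = RevocableFileCap(FileCap(chosen))
        self._grants.append(grant)  # the powerbox keeps the revoke handle
        return grant

    def revoke_all(self) -> None:
        for grant in self._grants:
            grant.revoke()
        self._grants.clear()


class TextEditorCaplet:
    """Starts with one reference, the powerbox: no paths, no filesystem calls."""
    def __init__(self, powerbox: Powerbox) -> None:
        self._powerbox = powerbox
        self._doc: Optional[RevocableFileCap] = None

    def open_document(self) -> bool:
        self._doc = self._powerbox.request_file("Open document")
        return self._doc is not None

    def append_line(self, line: str) -> str:
        if self._doc is None:
            raise PermissionError("no document has been granted")
        text = self._doc.read_text() + line + "\n"
        self._doc.write_text(text)
        return text


def run_demo() -> dict:
    """Constructed scenario: two files, the user grants one, then revokes it."""
    with tempfile.TemporaryDirectory() as d:
        notes, secret = Path(d, "notes.txt"), Path(d, "secret.txt")
        notes.write_text("hello\n", encoding="utf-8")
        secret.write_text("top secret\n", encoding="utf-8")
        powerbox = Powerbox(lambda prompt: notes)  # the user picks notes.txt
        caplet = TextEditorCaplet(powerbox)
        granted = caplet.open_document()
        after = caplet.append_line("from caplet")
        powerbox.revoke_all()  # the user withdraws the grant
        try:
            caplet.append_line("again")
            revoked = False
        except PermissionError:
            revoked = True
        cancelled = TextEditorCaplet(Powerbox(lambda prompt: None)).open_document()
        # secret.txt is never reachable from any reference the caplet holds
        return {"granted": granted, "after": after, "revoked": revoked,
                "cancelled": cancelled, "secret": secret.read_text(encoding="utf-8")}
```

Two points the sketch makes that the prose leaves implicit: the caplet never names a file, it only asks, so a malicious caplet cannot steer the dialog toward a file the user did not choose; and because the powerbox hands out a revocable forwarder (the classic caretaker pattern) rather than the file object itself, the user can withdraw a grant after the fact without the caplet's cooperation. The privacy of `_path` is by convention here; in E the language's encapsulation makes it binding.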
External links
- A Security Analysis of the Combex DarpaBrowser Architecture, David Wagner and Dean Tribble, March 4, 2002
- E and CapDesk